
so 



T 




Q 



-1 



■2- 







1 
1 

Mm 

1 
1 



















1 




\ 
































S/nr 



Non secure 



Secure 



. thread 1 


handler / 


Events 


secure 


secure 


return 




scheduler 




world 
entry/exit 


thread 1 


function 




1 user mode 


IRQ mode 




monitor 
mode 


user mode 


monitor 
mode . 


















pr 


































Start appii 




















I 


i lo 










SUBS 




\ End of 
thread 















IRQl 




SIRQ 



Non secure 



thread 1 
user mode 



IRQ 
handler 

IRQ mode 



PI 



© 



©i 



End of 
thread 



SUBS 



Events 



Secure 



secure 
world 
entry / exit 

monitor 
mode 



secure 
thread 1 

user mode 



'i,0 



Start appli 



]© 



Secure 

IRQ 
handler 

IRQ mode 



Sid 



' SUBS 



:]©i 



-5rMi: 



10 



IO/6i(. 



IRQ 



SIRQ 




SiRQ 



IRQ 



Non secure 



thread 1 
user mode 



IRQ 
handler 

IRQ mode 



i: 



J2t 



Events 



secure 
world 
entry / exit 

monitor 
mode 



1® 



• SUBS 



secure 
thread 1 

user mode 



Secure 



Secure 

IRQ 
handler 

IRQ mode 



-.51*11 



11/6^ 




Reset 



0x00 



0x04 



5oW\/isorm(ide 

Monitor mode 

Supervisor mode ^^)^ 
Abort mode iy!|o^;4or- r^'^t)^ 



SWI 



0x08 



Prefetch abort 



OxOC 



Data abort 



0x10 



Abort mode /f\»^:\o^ 



IRQ/SIRQ 



0x18 



IRQ mode 



ST" 



FIQ 



0x1 C 



FIQrnode ^ ^ ^ 



C 

























^;^Ac» 











\/S6 

























N/MS>S 













1 


. \ 


\ 


I 




I 































0 - 



n/ 



N 



13 (6/+ 





B 




1^ 



IG/6M- 




User 


System 


Supervisor 


Abort 


Undefined 


Interrupt 


Fast Interrupt 




Monitor 


RO 


RO 


RO 


RO 


RO 


RO 


RO 




RO 


R1 


R1 


R1 


R1 


R1 


R1 


R1 




R1 


R2 


R2 


R2 


R2 


R2 


R2 


R2 




R2 


R3 


R3 


R3 


R3 


R3 


R3 


R3 




R3 


R4 


R4 


R4 


R4 


R4 


R4 


R4 




R4 


R5 


R5 


R5 


R5 


R5 


R5 


R5 




R5 


R6 


R6 


R6 


R6 


R6 


R6 


R6 




R6 


R7 


R7 


R7 


R7 


R7 


R7 


R7 




R7 


R8 


R8 


R8 


R8 


R8 


R8 


R8 fiq 




R8 


R9 


R9 


R9 


R9 


R9 


R9 


R9 fiq 




R9 


R10 


R10 


R10 


R10 


R10 


RIO 


R10 fiq 




R10 


R11 


R11 


R11 


R11 


R11 


R11 


R11 fiq 




R11 


R12 


R12 


R12 


R12 


R12 


R12 


R12 fiq 




R12 


R13 


R13 




T^3^1^ ^ 


R13 und 


R13Jrq 


R13 fiq 




R13 man 


R14 


R14 




(fNCSsbtV 


R14 und 


R14 irq 


R14 fiq 




R14 mon 


PC 


PC 


PC 


PC 


PC 


PC 


PC 




PC 






CPSR 


CPSR 


CPSR 


CPSR 


CPSR 


CPSR 


CPSR 




CPSR 






SPSR SVC 


SPSR_abt 


SPSR und 


SPSRJrq 


SPSR_fiq 




SPSR mon 



f^icrvee 22. 




FiCcves 2.3 





\ 






\ 






1 
1 






1 






1 






7.0 1 eu^ 




23 




(3?r 



CS7 



i 



WAIT 



i 



^3. 30 



z5ie(+ 




Y 



/ — 








> 





















-^1 



7^ 



v/ 



4- 



.^1 1 



hAo/>; Vol 



i 




i 



1 



\ 



f 

5 « 



o 

^4 




to 

V!) 





































f 



S^i^CH s-m-r^ Po9i^-nEA 7t> 



I 



2oSo 



OoMAlAj 



cachable. 
bufferable 
A 




cachable. 
bufferable 



FIG. 3? 



32/6^ 



130 



abort 



cachabie. 
bufferable 
▲ 



CORE 



to 



002 



access 
permission 



201 



20o 



^TLB 



region attribute 



T 



partition 
checker 



main 
TLB 



•208 



descriptors 



232 



2lo 

^ 



translation 
table walk 



MMU 




fl6. t).0 



the descriptor 
describes a section 
that overlaps 
Secure regions 



/ 



NS 



NS 



NS 



_EA_ 



\ 



VA 



if VA corresponds to PA in secure 
memory 

=> partition checker generates an 
ABORT 



If VA corresponds to PA in non- 
secure memory 

=> this region is loaded in uTLB 



Secure memory 
I I Non-secure memory 



SIS 



\ 



non-secure pages 
table 



non-secure 
translation 
table base 
address 



secure pages table 



secure 
translation 
table base 

address 




1=16. bfi_ 



Free memory 
for OS 



Free memory 
for secure 
kernel 



Secure allocated 
memory for 

secure 
application 




1^0 /6if- 



Shared 
memory 




^1 M 




V7? 




S »»T 



L 




Wo 



2»« * 



O 

o 



5 2 

I* 

I 

2 



o 

C4 



\ 



o 

CM 




\ 


^ 






^ — \ 


1 ( 




/ 1 














\ 


1 







ll 




50 1 e^. 




2S2o 



I 



TO PA 7»4rt/Xc/97iowM 



abort 



Core 



Core 

IwiTIOlP 

State 



Descffptof 1 



Descriptor 2 



[Descriptor 



Descriptor n 



MMU ^iiis "^ ^ 
) 

2oo 



•3« 



Line 1 


s 


Line 2 


NS 



Une (n-1) 



Line n 



Cache 



'71 



36 



!TAG 



^26 \o - 


Une 1 


s 


) 


Line 2 


NS 






Line(n>1) 


NS 


Line n 


S 


TCM QSl^ 



E6X 



>TAq 



HPROT 



STAG 



^ Abort 



~r~ 



r 



10 



External 
memory 



Secure 
peripheral 



Non-Secure 



Cf72 



HPROT 



STAG 



Partition 
checker 



[ 26^0 



6Zl6Li. 



23o 

__L. 



abort 



cachable, 

bufferable .Q3i 



10 



1%€ 



1 



permission 



region attribute 



virtual 
address 



mTLB 



tZZE 



main 
TLB 



descriptors 



.lio 



~\ — 



translation 
table walk 



physical 
address 




fi6 sr- 



Method of entry 
Breakpoint hits 



Software breakpoint 
instruction 



How to p rogram? 

Debug TAP or 
software (CP14) 



How to enter? 

Program breakpoint register and/or 
context-ID register and comparisons 
succeed with Instruction Address and/or 
CP15 Context ID 



Put a BKPT instruction into scan 
chain 4 (Instmction Transfer 
Register) through Debug TAP or 
Use BKPT instruction directly in 
the code. 



BKPT instruction must reach execution 
stage. 



Entry mode 
Halt/monitor 

C) 



Halt/monitor 



Vector trap breakpoint 



Debug TAP 



Program vector trap register and 
address matches. 



Watchpoint hits 



Debug TAP 
or software (CP14) 



Program watchpoint register and/or 
context-ID register and comparisons 
succeed with Instruction Address and/or 
CP1 5 Context ID (^). 



Halt/monitor 

C) 



Internal debug request 



Debug TAP 



Halt instruction has been scanned in. 



EDBGRQ input pin is asserted. 



Halt 



(^)- In monitor mode, breakpoints and watchpolnts cannot be data-dependent. 

ey. The cores have support for thread-aware brBakpolnts and watchpoints.v«\pcdRrteaJ^^^^ enable secur 
debug on some particular threads. 



F 



'3 



GO 



Name 


Meaning 1 Reset 
value 


Access 


Inserted in 

scan chain 
for test 


Monitor 
mode enable 
bit 


0: halt mode 
1 : monitor mode 


1 


RAV by programming the ICE by the JTAG (scanl) 
• R/W by using MRCVMCR instruction (CP 14) 


yes 


.Q^piir^ H phi icy 

enable bit 


0: debug in non- 
secure world only. 
1: debug in secure 
world and non- 
secure world 


0 


In functional mode or debus monitor mode* R/W bv 
using MRC/MCR instruction (CP 14) (only in secure 
supervisor mode) 

In Debug halt mode: No access - MCR/MRC 
instructions have any effect 

(R/W by programming the ICE by the JTAG (scanl) 
if JSDAEN=1 


no 


Secure trace 
enable bit 


0: ETM is enabled 

in non-secure 

world only. 

1 : ETM is enabled 

in secure world 

and non-secure 

world 


0 


III lunciioiiai mouc or ucoug moiiii.cjr inoac. msj w oy 
using MRC/MCR instruction (CP 14) (only in secure 
supervisor mode) 

In Debug halt mode: No access - MCR/MRC 
instructions have any effect. 

(R/W by programming the ICE by the JTAG (scanl) 
if JSDAEN=1 


no 


Secure user- 
mode enable 
bit 


0: debug is not 
possible in secure 
user mode 
1 : debug is 
possible in secure 
user mode 


1 


m runcnonai moae or aeoug momior moae. jk/w ny 
using MRC/MCR instruction (CP 14) (only in secure 
supervisor mode) 

In Debug halt mode: No access - MCR/MRC 
instructions have any effect. 

(R/W by programming the ICE by the JTAG (scanl) 
if JSDAEN=1 


no 


thread-aware 
enable bit 


0: debug is not 
possible for a 
particular thread 
1: debug is 
possible for a 
particular thread 


0 


In functiotial mode or debu^ monitor mode* R/W hv 
using MRC/MCR instruction (CP 14) (only in secure 
supervisor mode) 

In Debug halt mode: No access - MCR/MRC 
instructions have any effect. 

(R/W by programming the ICE by the JTAG (scanl) 
if JSDAEN=1 





Figure g/ 



Function Table 



D 


CK 


Q[n+1] 


0 




0 


1 




1 


X 




Q[n] 



Logic Symbol 

D 



CK 



> 



FIGURE^ 



Function Table 



Logic Symbol 



D 


SI 


SE 


CK 


Q[n+1] 


0 


X 


0 




0 


1 


X 


0 




1 


X 


X 


X 




Q[n] 


X 


0 


1 




0 


X 


1 


1 




1 




— Q 



U 



-Sf- 
D 
SE 
CK 




Q 31 
D 
SE 
CK 




Q SI 
D 
SE 
CK 




Q SI 
D 
SE 
CK 




FIGURE 



JTAG 
inteiface 



TAP 
controller 



AAA A 



Scan In 



Integrated 
Circuit 



Scan Out 



6^1 1 6q- 



JADI 



JTAG 
inter&ce 



TAP 
controller 



AAA A 



Integrated 
Circuit 



Scan In 



Scan Out 



FIGURE 6<^A 



Bypass 
Register 




SO 



FIGURE ^ B 



Instruction 
Memory 



(1) 



s 
c 

A 
N 

C 
H 
A 
I 

N 
4 



(3) 



Debug 
TAP 



CORE 



(2) 



ICE 



CP14 Debug Status 
& Control Register ' 



^ SCAN CHAIN 1 



JSDAEN^ Si60 



# 62/(5^ 



CP 14 bits in Debug and Status Control register 


meaning 


Secure debug enable 
bit 


Secure user-mode 
debug enable bit 


Secure thread-aware 
debue enable bit 


u 


X 


X 


No intrusive debug in entire secure world is possible. 
Any debug request, breakpoints, watchpoints, and other 
mecoamsm lo emer ucDug autic <u.c igiiviicvi m wutu^ 
secure world. 


1 


0 


X 


Debug in entire secure world is possible 


1 


1 


0 


Debug in secure user-mode only. Any debug request, 
breakpoints, watchpoints, and other mechanism, to enter 
debug state are taken into account in user mode only. 
(Breakpoints and watclq>oints linked or not to a thread 
ID are taken into account). Access in debug is restricted 
to what secure user can have access to. 


1 


1 


1 


Debug is possible only in some particular threads. In 
that case only thread-aware breakpoints and 
watchpoints linked to a thread ID are taken into account 
to enter debug state. Each thread can moreover debug 
its own code, and only its own code. 



i 
I 

Figure 6^/^ 



CP 14 bits in Debug and Status Control register 




Secure trace enable 
bit 


Secure user-mode 
debug enable bit 


Secure thread-aware 
debug enable bit 


meaning 


a 


X 


X 


No observable debug in entire secure world is possibl . 
Trace module (ETM) must not trace internal core 
activity. 


1 


0 


X 


Trace in entire secure world is possible 


1 


-V •". 




Trace is possible when the core is in secure user-mode 
only. 


1 


1 '. ■ 


1 


Trace is possible only when the core is executing some 
particular threads in secure user mode. Particular 
hardware must be dedicated for this, or re-use 
breakpoint register pair: Context ID match must enable 
trace instead of entering debug state. 



I 
j 

Figure 



A 



i 



Method of entry 


Efuxry wnen in non-scwurc wuriu 


vii.ujr wucu ux aci^uiv wuiiu 


Breakpoint hits 


Non-secure prefetch abort handler 


secure prefetch abort handler 


Software breakpoint instruction 


Non-secure prefetch abort handler 


secine prefetch abort handler 


Vector trap breakpoint 


Disabled for non-secure data abort 
and non-seciu:e prefetch abort 
interruptions. For other non-secure 
exceptions, prefetch abort. 


Disabled for seciire data abort and 
secure prefetch abort exceptions C), 
For other exceptions, secure prefetch 
abort. 


Watchpoint hits 


Non-secure data abort handler 


secure data abort handler 


Internal debug request 


Debug state in halt mode 


debug state in halt mode 


External debug request 


Debug state in halt mode 


debug state in halt mode 



CQ 5&L \ACdfMahon on vector trap register, l 

(2) Note that when external or internal debug request is asserted, the core enters halt mode and not monitor mode. 

Figure T-l/^ 



Method of entry 



Entry in non-secure world 




Breakpoint hits 



Non-secure prefetch abort handler 



Software brealq>oint instruction 



Non-secure prefetch abort handler 



Vector trap breal^oint 



Disabled for non-secure data abort and 
non-secure prefetch abort interruptions. 
For others intem^tion non-secure prefetch 
abort, 



Watchpoint hits 



Non-secine data abort handler 



Intenial debug request 



Debug state in halt mode 



External debug request 



Debug re-entry from system 
speed access 



(') As substitution of BKPT instruction in secure world from non-secure world is not possible, non-secuie abort 
must handle the violation. 



Figure ?r0 



